I changed the default settings to 'blocked' in 'cross-tenant access settings' and now all users, including the global admin member, are locked out of the tenant.

Richard 6 Reputation points
2022-03-10T14:52:12.273+00:00

New to Azure, and have made the classic rookie error of locking myself out.

I created an AD, it has myself as owner/admin/member, and 2 external guest users that I invited.

I was testing setting up cross-tenant access, I've added 2 organisations, one inherits from default and one is set to allow for all, and changed the default settings to blocked for all.

Now I can't access my tenant. I get "Access is blocked by the organisation" even when using my admin account when I try to switch to that tenant.
If I try to use my admin account to log in to a registered app I get: Message: AADSTS500213: The resource tenant's cross-tenant access policy does not allow this user to access this tenant.

I don't understand why my admin user is being blocked by the cross-tenant policy.

I can't even delete the tenant to start over because I don't have access!

I can't find any support contact details. The 'help and support' button in azure just takes me back to the AD home screen - presumably I'd have to pay for some kind of support package.

Does anyone have any bright ideas how to get back in, or at least delete the broken directory?
Otherwise how to contact someone at MS who can help me?

Microsoft Entra ID

3 answers

  1. Luan Schons Griebler 1 Reputation point
    2022-07-19T12:11:29.133+00:00

    Any solution for this problem? I ran into the same issue. x2


  2. Kay Ritzmann 1 Reputation point
    2022-07-20T17:18:25.347+00:00

    Log in to the Microsoft admin center (admin.microsoft.com) with your global admin account. There you can change the settings back.


  3. Kay Ritzmann 1 Reputation point
    2022-07-20T17:22:19.16+00:00

    Use the user principal name for login... maybe it also works in the Azure portal.

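The two answers above describe undoing the change through the admin center UI. As an added example (not code from the original thread or from Microsoft), the same reset can be done with the Microsoft Graph PowerShell SDK against the tenant's default cross-tenant access policy: read the current default to see which direction is set to "blocked", then patch the B2B collaboration inbound and outbound defaults back to "allowed" for all users and all applications. It assumes the Microsoft.Graph module is installed, that the signing-in account can consent to the Policy.ReadWrite.CrossTenantAccess scope, and that `$tenantId` is replaced with the ID of the locked tenant (a placeholder, since the admin account in the question belongs to more than one tenant). B2B direct connect is left untouched on purpose; it is blocked by default in a new tenant and re-opening it is a separate decision.

```powershell
# Added example, not from the original thread. Reads and resets the default
# cross-tenant access settings of one tenant via Microsoft Graph.
# Requires: Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).

$tenantId = "<your-tenant-id>"   # placeholder: tenant ID of the locked directory
Connect-MgGraph -TenantId $tenantId -Scopes "Policy.ReadWrite.CrossTenantAccess"

$uri = "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default"

# 1. Inspect the current default so the blocked direction is visible before changing anything.
function Show-CrossTenantDefault {
    $current = Invoke-MgGraphRequest -Method GET -Uri $uri
    foreach ($direction in "b2bCollaborationInbound", "b2bCollaborationOutbound",
                           "b2bDirectConnectInbound", "b2bDirectConnectOutbound") {
        $cfg = $current[$direction]
        "{0,-26} users: {1,-8} apps: {2}" -f $direction,
            $cfg.usersAndGroups.accessType, $cfg.applications.accessType
    }
}
Show-CrossTenantDefault

# 2. Build an "allow all users and all applications" setting for one direction.
function New-AllowAllSetting {
    @{
        usersAndGroups = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllUsers"; targetType = "user" })
        }
        applications = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}

# 3. Patch only the B2B collaboration defaults, which is what the question changed.
#    Direct connect is deliberately not included here.
$body = @{
    b2bCollaborationInbound  = New-AllowAllSetting
    b2bCollaborationOutbound = New-AllowAllSetting
}
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType "application/json"

# 4. Re-read to confirm both collaboration directions now report "allowed".
Show-CrossTenantDefault

Disconnect-MgGraph
```

Run step 1 on its own first: if the inbound collaboration default reports `blocked` for users, that matches the AADSTS500213 message in the question. The per-organisation overrides mentioned in the question (the partner set to "allow for all") live under `/policies/crossTenantAccessPolicy/partners` and are not changed by this script.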